[svlug] Configuring Server - SSH Trouble + Security Considerations

[Rick Moen]

Quoting ericv (ericv at cruzio.com):

> That's why I always pushed content to my web wervers via SSH rather than allow
> them to pull.  Similar for lightweight backup jobs.  Even though I locked them
> down tight, they were always considered "ceremonially unclean".

Lightweight backup jobs and similar prespecified tasks _can_ safely be 
initiated from the less-trusted end, using locked-down ssh keypairs.
See:  "SSH Public-key Process" on http://linuxmafia.com/kb/Security/